• Finding malware on your Windows box (using the command line)
    Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.
    16 August 2007, 1:13 pm
  • Metamorphic malware sets new standard in antivirus evasion
    Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.
    16 August 2007, 1:11 pm
  • Unified communications infrastructure threats and defense strategies
    Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many organizations underestimate the security threats facing them. John Burke outlines the dangers facing unified communications and how to mount an effective defense.
    19 July 2007, 8:18 pm
  • Investigating logic bomb attacks and their explosive effects
    There are a lot of dirty and destructive pieces of software out there, but a logic bomb may cause some of the most damage. Triggered by the smallest of events, logic bombs can wreck computers, networks, and even an organization's precious profits. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how to prepare for a hacker's detonation.
    19 July 2007, 8:16 pm
  • Mergers and acquisitions: Building up security after an M&A
    Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Skoudis reviews the top merger-related threats and how to avoid them.
    21 June 2007, 8:56 pm
  • Finding and blocking Web application server attack vectors
    Web application server attacks are nothing new, but attackers are coming up with creative new ways to penetrate them. Information security expert Peter Giannoulis examines how data-hungry attackers are using Web application servers to crack into back-end databases, and offers advice on what can be done to protect Web infrastructures.
    7 June 2007, 1:02 pm
  • Windows Vista security flaws show progress, not perfection
    Microsoft has touted Windows Vista as its most secure operating system ever. But if that's the case, why has it already been the subject of several high-profile security problems? As Ed Skoudis explains, despite its improvements, Vista's security posture is far from perfect.
    17 May 2007, 7:37 pm
  • Employee profiling: A proactive defense against insider threats
    Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a multifaceted defensive strategy.
    3 May 2007, 1:57 pm
  • Reputation systems gaining credibility in fight against spam
    Now that nearly all organizations are employing some sort of antispam technology, spammers know their only hope for success lies with outwitting spam-detection strategies. But as Mike Rothman writes, the emergence of reputation-based systems is making it easier to weed out spam before it ever reaches the network gateway.
    19 April 2007, 10:55 am
  • Polymorphic viruses call for new antimalware defenses
    Attackers are always looking for innovative ways to dodge antivirus software, and many of the bad guys are now creating polymorphic code to do just that. But it's not just the malware writers who are raising the bar. In this tip from our Ask the Experts section, contributor Ed Skoudis explains how antimalware vendors are responding to this emerging threat.
    5 April 2007, 8:20 pm
  • Plentiful VoIP exploits demand careful consideration
    Enterprise VoIP vendors may tout "plug-and-play" products that are ready to run right out of the box, but those vendors may not be taking security into consideration. As information security threats expert Ed Skoudis writes, there are many potential VoIP threat vectors, but packet-based telephony services can be secured with due diligence and adherence to best practices.
    15 March 2007, 3:36 pm